On 3/21/2011 7:01 PM, Massimiliano Pala wrote:
> Hi all,
>
> I was wondering: how do I verify if a pkey used in an ECDSA certificate is
> on one specific curve?

The certificate should have as part of the Public Key Info the OID
of the curve used (or the parameters of the curve).

> Or, better, how to easily print out the txt identifier
> of the curve used in a certificate?

The openssl x509 -text ...
will print the curve name:

        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                pub:
                    04:28:7a:4d:f3:65:ee:57:76:df:7d:dd:8a:04:83:
                    5b:47:df:22:b5:ff:f2:20:9c:50:22:d4:8a:7d:01:
                    1f:e2:37:d9:f8:05:fb:a9:b6:90:d9:87:3c:7d:05:
                    05:f7:60:09:95:b0:43:84:27:36:36:c0:78:73:61:
                    59:73:43:b2:ed:b1:40:22:ae:6d:85:1e:25:b5:75:
                    d4:ab:c2:94:63:15:52:cf:48:55:a1:67:eb:94:af:
                    fe:a4:7d:8c:37:37:e2
                ASN1 OID: secp384r1
        ...

> That would be a useful addition to the
> output in an ECDSA certificate. Something like:
>
> ...
> Curve Name: secp384r1
> ...
>
> Or better, is there an easy way to know if a curve is one of the NIST
> approved (SuiteB) ones?

See Peter's note on the list of NIST OIDs.

> Cheers,
> Max
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
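
The check discussed in this thread, as an added example that is not part of the original messages or of OpenSSL itself: a shell sketch that reads the "ASN1 OID:" line from openssl x509 -text output, compares it with an expected curve, and tests for the two Suite B curves (P-256, P-384). The function names and both sample inputs are constructed for illustration; the second sample assumes a key carrying explicit curve parameters, which has no "ASN1 OID:" line.

```shell
#!/bin/sh
# Added example. Real use (cert.pem is a placeholder file name):
#   openssl x509 -in cert.pem -noout -text | cert_on_curve secp384r1

# Print the named curve from x509 text output on stdin.
# Fails (status 1) when no "ASN1 OID:" line follows an id-ecPublicKey
# key, i.e. explicit curve parameters or a non-EC key.
curve_from_text() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF input
        /Public Key Algorithm:/ { ec = ($NF == "id-ecPublicKey") }
        ec && /ASN1 OID:/       { print $NF; found = 1; exit }
        END                     { exit (found ? 0 : 1) }
    '
}

# Succeed only for P-256 / P-384, under the names OpenSSL uses for them.
is_suite_b() {
    case "$1" in
        prime256v1|secp256r1|secp384r1) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_on_curve EXPECTED: 0 = key is on EXPECTED, 1 = other named curve,
# 2 = no named curve found (treat as a policy failure, not a match).
cert_on_curve() {
    curve=$(curve_from_text) || return 2
    [ "$curve" = "$1" ]
}

# Constructed sample modelled on the output quoted in the thread (key shortened).
SAMPLE_NAMED='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                pub:
                    04:28:7a:4d
                ASN1 OID: secp384r1'

# Constructed sample: explicit parameters, so no named-curve OID is printed.
SAMPLE_EXPLICIT='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                EC Public Key:
                pub:
                    04:28:7a:4d
                Field Type: prime-field'

curve=$(printf '%s\n' "$SAMPLE_NAMED" | curve_from_text) && is_suite_b "$curve" &&
    echo "$curve: Suite B curve"
```

A certificate with explicit parameters returns status 2 rather than being guessed at; a policy check should reject that case instead of trying to match the parameters by eye.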